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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicant: Graeme John PROUDLER, ) Re: Preliminary Amendment 

et al. ) 

U.S. Appln. No.: not yet ) Group: not yet assigned 

assigned ) 

U.S. Filing Date: concurrently ) Examiner: not yet assigned 
herewith ) 

International Application No: ) 

PCT/GB00/00504 ) 

International Filing Date: ) 

15 February 2000 ) Our Ref.: B-4276PCT 619003-1 

For: "COMMUNICATIONS BETWEEN ) 

MODULES OF A COMPUTING APPARATUS" ) Date: August 14, 2001 

Commissioner of Patents and Trademarks 
Box PCT 

Washington, D.C. 20231 

Attn: United States Designated/Elected Office (DO/EO/US) 
Sir: 

Prior to examination of the above-identified application, it is 
respectfully requested that the following amendments be made to 
the Claims : 



IN THE CLAIMS 



1. (Amended) A computing apparatus comprising: 
a trusted hardware module; 
a plurality of further hardware modules; 

a shared communication infrastructure by which the hardware 
modules can communicate with each other; and 

a first communication path, distinct from the shared 
communication infrastructure, by which a first one of the 
further hardware modules can communicate directly with the 
trusted hardware module but cannot communicate directly with any 
other of the further hardware modules. 
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2. (Amended) An apparatus as claimed in claim 1, wherein the 
trusted hardware module and the first further hardware module 
each include a respective computing engine which partakes in the 
direct communication via the first communication path. 

3. (Amended) An apparatus as claimed in claim 2, wherein: 

the first further hardware module is operable to supply to 
the trusted hardware module a request for operation on data; and 

in response to such a request, the trusted hardware module 
is operable to generate a response and to supply the response to 
the first further hardware module via the first communication 
path and not via the shared communication infrastructure. 

4. (Amended) An apparatus as claimed in claim 3, wherein the 
trusted hardware module includes means for storing policy 
information regarding such operations which can and/or cannot be 
permitted, and is operable to generate the response with 
reference to the policy information. 

5. (Amended) An apparatus as claimed in claim 1, wherein the 
trusted hardware module is operable to generate an encryption 
and/or decryption key and to supply that key to the first 
further hardware module via the first communication path and not 
via the shared communication infrastructure. 

6. (Amended) An apparatus as claimed in claim 5, wherein the 
first further hardware module is operable to use the key for 
encryption and/or decryption of data communicated via the shared 
communication infrastructure. 



7. (Amended) An apparatus as claimed in claim 1, wherein the 
trusted hardware module is operable to generate a challenge and 
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to supply the challenge to the first further hardware module via 
the first communication path or via the shared communication 
infrastructure using encryption set up using the first 
communication path. 

8. (Amended) An apparatus as claimed in claim 7, wherein: 

in response to the challenge, the first further hardware 
module is operable to generate a response and to supply the 
response to the trusted hardware module via the first 
communication path or via the shared communication 
infrastructure using encryption set up using the first 
communication path; and 

the trusted hardware module is operable to use the response 
in generating an integrity metric of the apparatus. 

9. (Amended) An apparatus as claimed in claim 1, wherein: 

the first further hardware module has a zone for private 
data and a zone for non-private data; and 

the first further hardware module is operable to supply 
and/or receive data from/ for the private data zone via the first 
communication path and not via the shared communication 
infrastructure . 

10. (Amended) An apparatus as claimed in claim 9, wherein the 
first further hardware module is operable to supply and/or 
receive data from/ for the non-private data zone via the shared 
communication infrastructure. 

11. (Amended) An apparatus as claimed in claim 10, wherein the 
first further hardware module has an interface between the 
private and non-private data zones which is operable to inhibit 
the passing of data from the private data zone to the non- 
private data zone. 
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12. (Amended) An apparatus as claimed in claim 1, wherein the 
first further hardware module is a network interface module. 

13. (Amended) An apparatus as claimed in claim 1, and 
including a second communication path, distinct from the shared 
communication infrastructure and the first communication path, 
by which a second one of the further hardware modules can 
communicate directly with the trusted hardware module but cannot 
communicate directly with any other of the further hardware 
modules . 

14. (Amended) An apparatus as claimed in claim 13, wherein: 
the first further hardware module is operable to supply to 

the trusted hardware module a request for a transfer of data 
between the first and second further hardware modules; and 

in response to such a request, the trusted hardware module 
is operable to generate a response and to supply the response to 
the first or second further hardware module via the first or 
second communication path, as the case may be, and not via the 
shared communication infrastructure. 

15. (Amended) An apparatus as claimed in claim 14, wherein the 
trusted hardware module includes means for storing policy 
information regarding such transfers which can and/or cannot be 
permitted, and is operable to generate the response with 
reference to the policy information. 

16. (Amended) An apparatus as claimed in claim 14, wherein: 

in response to an appropriate such transfer response, the 
first or second further hardware module is operable to supply 
the data to the trusted hardware module via the first or second 
communication path, as the case may be; and 
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in response to the receipt of such data, the trusted 
hardware module is operable to relay the data to the second or 
first further hardware module, as the case may be, via the 
second or first communication path, as the case may be. 

17. (Amended) An apparatus as claimed in claim 13 , wherein the 
second further hardware module is a main processor unit of the 
apparatus or a non- volatile data storage module. 

18. (Amended) An apparatus as claimed in claim 13, and 
including at least a third communication path, distinct from the 
shared communication infrastructure and the other communication 
paths, by which at least a third one of the further hardware 
modules can communicate directly with the trusted hardware 
module but cannot communicate directly with any other of the 
further hardware modules . 

19. (Amended) An apparatus as claimed in claim 18, wherein the 
second further hardware module is a main processor unit of the 
apparatus and the third further hardware module is a non- 
volatile data storage module. 

20. (Amended) An apparatus as claimed in claim 1, wherein the 
trusted hardware module is adapted to measure an integrity 
metric of the computing apparatus. 

Please add the following new claims: 

21. (New) A computing apparatus comprising: 

a trusted hardware module resistant to unauthorized 
modification; 

a plurality of further hardware modules; 

a shared communication infrastructure by which the hardware 
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modules can communicate with each other; and 

a first communication path distinct from the shared 
communication infrastructure by which a first one of the further 
hardware modules can communicate directly with the trusted 
hardware module but which is inaccessible to the other further 
hardware modules. 

22. (New) An apparatus as claimed in claim 21, wherein the 
trusted hardware module and the first further hardware module 
each include a respective computing engine which partakes in the 
direct communication via the first communication path. 

23. An apparatus as claimed in claim 22, wherein': 

the first further hardware module is operable to supply to the 
trusted hardware module a request for operation on data; and 
in response to such a request, the trusted hardware module is 
operable to generate a response and to supply the response to 
the first further hardware module via the first communication 
path and not via the shared communication infrastructure. 

24. (New) An apparatus as claimed in claim 23, wherein the 
trusted hardware module includes means for storing policy 
information regarding such operations which can and/or cannot be 
permitted, and is operable to generate the response with 
reference to the policy inf ormation. 

25. (New) An apparatus as claimed in claim 21, wherein the 
trusted hardware module is operable to generate an encryption 
and/or decryption key and to supply that key to the first 
further hardware module via the first communication path and not 
via the shared communication infrastructure. 



26. (New) An apparatus as claimed in claim 25, wherein the 
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first further hardware module is operable to use the key for 
encryption and/or decryption of data communicated via the shared 
communication infrastructure. 

27. (New) An apparatus as claimed in claim 21, wherein the 
trusted hardware module is operable to generate a challenge and 
to supply the challenge to the first further hardware module via 
the first communication path or via the shared communication 
infrastructure using encryption set up using the first 
communication path. 

28. (New) An apparatus as claimed in claim 27, wherein: 

in response to the challenge, the first further hardware module 
is operable to generate a response and to supply the response to 
the trusted hardware module via the first communication path or 
via the shared communication infrastructure using encryption set 
up using the first communication path; and 

the trusted hardware module is operable to use the response in 
generating an integrity metric of the apparatus. 

29. (New) An apparatus as claimed in claim 21, wherein the 
first further hardware module is a network interface module. 

30. (New) An apparatus as claimed in claim 21, wherein the 
trusted hardware module is adapted to measure an integrity 
metric of the computing apparatus. 

REMARKS 

This Preliminary Amendment removes the reference numerals from 
the claims and clarifies antecedents for some of the terms in 
the claims. These amendments do not affect the scope of the 
claims. New claims 21-30 have been added after International 
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Preliminary Examination. 

This Preliminary Amendment also amends Claims 3, 5, 7, 9, 11-13, 
16-18, and 20 so that these claims are no longer multiply 
dependent to reduce the official fees at the U.S. Patent and 
Trademark Office (USPTO) . The Applicants may elect to amend 
Claims 3, 5, 7, 9, 11-13, 16-18, and 20 to make them again 
multiply dependent or to add additional claims to this 
application to provide coverage similar to, broader than, or 
narrower than the present claims at any time during the pendency 
of the above-identified U.S. application. 




Reg. No. 28,145 
Attorney for Applicant 
LADAS Sc PARRY 

5670 Wilshire Boulevard #2100 
Los Angeles, California 90036 
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1. (Amended) A computing apparatus comprising: 

a trusted hardware module [(120)]; 

a plurality of further hardware modules [(102,104,106)]; 

a shared communication infrastructure [(110)] by which the 
hardware modules can communicate with each other; and 

a first communication path [ (122a; 122b; 122c) ] , distinct 
from the shared communication infrastructure, by which a first 
one [ (102; 104; 106) ] of the further hardware modules can 
communicate directly with the trusted hardware module but cannot 
communicate directly with any other of the further hardware 
modules . 

2. (Amended) An apparatus as claimed in claim 1, wherein the 
trusted hardware module and the first further hardware module 
each include a respective computing engine which partakes in the 
direct communication via the first communication path. 

3. (Amended) An apparatus as claimed in claim [1 or] 2, 
wherein: 

the first further hardware module [(102)] is operable to 
supply to the trusted hardware module a request [(156)] for 
operation on data; and 

in response to such a request, the trusted hardware module 
is operable to generate a response [(158)] and to supply the 
response to the first further hardware module via the first 
communication path [(122a)] and not via the shared communication 
infrastructure . 
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4. (Amended) An apparatus as claimed in claim 3, wherein the 
trusted hardware module includes means [(132)] for storing 
policy information regarding such operations which can and/or 
cannot be permitted, and is operable to generate the response 
with reference to the policy information. 

5. (Amended) An apparatus as claimed in [any preceding] claim 
1, wherein the trusted hardware module is operable to generate 
an encryption and/or decryption key and to supply that key to 
the first further hardware module via the first communication 
path and not via the shared communication infrastructure. 

6. (Amended) An apparatus as claimed in claim 5, wherein the 
first further hardware module is operable to use the key for 
encryption and/or decryption of data communicated via the shared 
communication infrastructure. 

7. (Amended) An apparatus as claimed in [any preceding] claim 
1, wherein the trusted hardware module is operable to generate a 
challenge [(142)] and to supply the challenge to the first 
further hardware module via the first communication path or via 
the shared communication infrastructure using encryption set up 
using the first communication path. 
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8. (Amended) An apparatus as claimed in claim 7, wherein: 

in response to the challenge, the first further hardware 
module is operable to generate a response [ (144a, 144b, 144c) ] and 
to supply the response to the trusted hardware module via the 
first communication path or via the shared communication 
infrastructure using encryption set up using the first 
communication path; and 

the trusted hardware module is operable to use the response 
in generating an integrity metric of the apparatus. 

9. (Amended) An apparatus as claimed in [any preceding] claim 
1, wherein: 

the first further hardware module [(106)] has a zone 
[(114)] for private data and a zone [(116)] for non-private 
data ; and 

the first further hardware module is operable to supply 
and/or receive data from/for the private data zone via the first 
communication path [(122c)] and not via the shared communication 
infrastructure . 

10. (Amended) An apparatus as claimed in claim 9, wherein the 
first further hardware module is operable to supply and/or 
receive data from/ for the non -private data zone via the shared 
communication infrastructure . 

11. (Amended) An apparatus as claimed in claim [9 or] 10, 
wherein the first further hardware module has an interface 
[(118)] between the private and non-private data zones which is 
operable to inhibit the passing of data from the private data 
zone to the non-private data zone. 
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12. (Amended) An apparatus as claimed in [any preceding] claim 
l f wherein the first further hardware module is a network 
interface module [ (106) ] . 

13. (Amended) An apparatus as claimed in [any preceding] claim 
1, and including a second communication path [ (122a; 122b) ] # 
distinct from the shared communication infrastructure and the 
first communication path [(122c)], by which a second one 
t(102;104)] of the further hardware modules can communicate 
directly with the trusted hardware module but cannot communicate 
directly with any other of the further hardware modules. 

14. (Amended) An apparatus as claimed in claim 13, wherein: 
the first further hardware module [(102)] is operable to 

supply to the trusted hardware module a request [(164)] for a 
transfer of data between the first and second further hardware 
modules; and 

in response to such a request, the trusted hardware module 
is operable to generate a response [(164)] and to supply the 
response to the first or second further hardware module [(104)] 
via the first or second communication path [(122b)], as the case 
may be, and not via the shared communication infrastructure. 

15. (Amended) An apparatus as claimed in claim 14, wherein the 
trusted hardware module includes means [(132)] for storing 
policy information regarding such transfers which can and/or 
cannot be permitted, and is operable to generate the response 
with reference to the policy information. 
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16. (Amended) An apparatus as claimed in claim 14 [or 15], 
wherein: 

in response to an appropriate such transfer response, the 
first or second further hardware module is operable to supply 
the data to the trusted hardware module via the first or second 
communication path, as the case may be; and 

in response to the receipt of such data, the trusted 
hardware module is operable to relay the data to the second or 
first further hardware module, as the case may be, via the 
second or first communication path, as the case may be. 

17. (Amended) An apparatus as claimed in claim [any of claims] 
13 [or 16], wherein the second further hardware module is a main 
processor unit [(102)] of the apparatus or a non-volatile data 
storage module [ (104) ] . 

18. (Amended) An apparatus as claimed in claim [any of claims] 
13 [to 17], and including at least a third communication path 
[link (122b)], distinct from the shared communication 
infrastructure and the other communication paths [links 
(122a, 122c) ] , by which at least a third one [(104)] of the 
further hardware modules can communicate directly with the 
trusted hardware module but cannot communicate directly with any 
other [(102,106)] of the further hardware modules, 

19. (Amended) An apparatus as claimed in claim 18, wherein the 
second further hardware module is a main processor unit [(102)] 
of the apparatus and the third further hardware module is a non- 
volatile data storage module [(104)]. 
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20. (Amended) An apparatus as claimed in [any preceding] claim 
1, wherein the trusted hardware module [(120)] is adapted to 
measure an integrity metric of the computing apparatus. 



